CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...

Hyip Rio 2.1 - Arbitrary File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Version: 2.1 Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE:...

Academy LMS 6.1 - Arbitrary File Upload

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 05/08/2023 Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Version: 6.1 Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CW...

Academy LMS 6.1 Cross Site Scripting / File Upload

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 05/08/2023 Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 -...

Academy LMS 6.1 Cross Site Scripting / File Upload Vulnerabilities

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 - CWE-74 - CWE-707...

Hyip Rio 2.1 Cross Site Scripting / File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382...

Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting

Exploit Title: Foody Friend 1.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 Tested on:...

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10...

PHP Restaurants 1.0 - SQL injection (Unauthenticated) Vulnerability

Exploit Title: PHP Restaurants 1.0 - SQLi Unauthenticated Google Dork: None Exploit Author: Nefrit ID Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 Tested on: Kali Linux & Windows 10 SQL injection is a code injection techniqu...

Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF

Summary: GET /api/v2/urlinfo endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...

Mail.ru: Stored XSS in e.mail.ru (payload affect multiple users)

Hi, We have found a high risk level STORED XSS in e.mail.ru chat, the status change function allow to inject malicious payload in javascript & HTML, The attack affect multiple users and run in auto mode, no need a user interaction. Vulnerability affect any user that have been invited to your chat...

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory transversal...